rattail/rattail-manual
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add docs re: "sync users" role flag

Browse source
This commit is contained in:
Lance Edgar 2021-11-13 15:23:25 -06:00
parent 25d1c1b739
commit beae947df1
1 changed files with 28 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
docs/data/auth.rst
View file

@ -141,9 +141,12 @@ Users
By default all users are synced across all nodes; simple as that.
It is possible however to mark a user account as "local only" - which
will cause that particular user to *not* be synced to other nodes; it
will exist only in the current node.
But only the user proper is synced, and *not* the roles they belong to
(see next section for that).
When making a new user account it's possible to mark it as "local only"
- which causes it to *not* be synced to other nodes. It should exist
only in the node where it was created.
Roles
@ -152,8 +155,26 @@ Roles
By default *no* roles are synced across nodes; each is "local only"
effectively.
It is possible however to mark a role as "synced" - which will cause
that role to be synced across all nodes.
However you can mark a role as "synced" - which will cause it to be
synced across all nodes. There are two flags you can set:
"Sync Attrs & Perms" is the flag you would set in order to cause the
role to be synced at all, in the first place. As the name implies
this will sync the role proper as well as its permission list.
"Sync Users" is the flag to set if you want the role's user list to be
synced as well.
.. note::
Role names must be unique within each system. If you have 2 nodes
and they each have e.g. a "Manager" role defined (separately), and
then you turn on sync for one of them, there will be an error.
Instead rename the one you don't want to keep, then turn on sync
for the one you do.
Node Types
++++++++++
In a multi-node system it is likely that there are different "types"
of nodes. In such a system it may be useful to sync certain roles,
@ -161,12 +182,7 @@ but have them only "apply" to certain node types. (The roles must
exist in all nodes for sync to work properly, but need only apply to
certain nodes.)
If a role is synced, then not only its primary attributes (e.g. name)
will be synced, but also its user "membership" list as well as its
permission list.
The main use case here is in a multi-store setup, where you have one
"host" node and two or more "store" nodes. You can create a role with
node type of "store" and flag it for sync. The role will be synced
along with its users and permissions, but will only be actually *used*
on the store nodes.
node type of "store" and flag it for sync. The role will be *synced*
to all nodes, but will only be actually *used* on the store nodes.